The Hacker News — Cyber Security, Hacking, Technology News

Verizon, the major telecommunications provider, has suffered a data security breach with over 14 million US customers' personal details exposed on the Internet after NICE Systems, a third-party vendor, mistakenly left the sensitive users’ details open on a server.

Chris Vickery, researcher and director of cyber risk research at security firm UpGuard, discovered the exposed data on an unprotected Amazon S3 cloud server that was fully downloadable and configured to allow public access.

The exposed data includes sensitive information of millions of customers, including their names, phone numbers, and account PINs (personal identification numbers), which is enough for anyone to access an individual's account, even if the account is protected by two-factor authentication.

NICE Systems is an Israel-based company that is known for offering wide-range of solutions for intelligence agencies, including telephone voice recording, data security, and surveillance.

According to the researcher, it is unknown that why Verizon has allowed a 3rd party company to collect call details of its users, however, it appears that NICE Systems monitors the efficiency of its call-center operators for Verizon.

The exposed data contained records of customers who called the Verizon's customer services in the past 6 months, which are recorded, obtained and analyzed by NICE.

Interestingly, the leaked data on the server also indicates that NICE Systems has a partnership with Paris-based popular telecommunication company "Orange," for which it also collects customer details across Europe and Africa.

"Finally, this exposure is a potent example of the risks of third-party vendors handling sensitive data," O'Sullivan said.

"NICE Systems' history of supplying technology for use in intrusive, state-sponsored surveillance is an unsettling indicator of the severity of this breach of privacy."

Vickery had privately informed Verizon team about the exposure in late June, and the data was then secured within a week.

Vickery is a reputed researcher, who has previously tracked down many exposed datasets on the Internet.

Just last month, he discovered an unsecured Amazon S3 server owned by data analytics firm Deep Root Analytics (DRA), which exposed information of more than 198 Million United States citizens, that's over 60% of the US population.

In March this year, Vickery discovered a cache of 60,000 documents from a US military project for the National Geospatial-Intelligence Agency (NGA) which was also left unsecured on Amazon cloud storage server for anyone to access.

In the same month, the researcher also discovered an unsecured and publicly exposed database, containing nearly 1.4 Billion user records, linked to River City Media (RCM).

If the death of online privacy rules wasn't enough for Internet Service Providers and advertisers to celebrate, Verizon has planned to pre-install spyware on customers' Android devices in order to collect their personal data.

The telecom giant has partnered with Evie Launcher to bring a new application called 'AppFlash' — a universal search bar that will come pre-installed on the home screens of all Verizon Android handsets for quickly finding apps and web content.

AppFlash is simply a Google search bar replacement, but instead of collecting and sending telemetry data including what you search, handset, apps and other online activities to Google, it will send to Verizon.

What's worse? Just like other pre-installed bloatware apps, Android users can't uninstall AppFlash quickly, unless they have rooted their phone.

AppFlash allows you to search inside apps or browse through listings of nearby restaurants and entertainment. The built-in Google Search can also do all these stuff. So, there's nothing this app does that a Google search can’t.

Then what's the need for this app? Of course, selling your data to advertisers or other big data companies and make money — thanks to the US Senate that allowed ISPs to collect and sell your data without permission and banned the FCC from ever passing any rule that would limit these powers.

We collect information about your device and your use of the AppFlash services. This information includes your mobile number, device identifiers, device type and operating system, and information about the AppFlash features and services you use and your interactions with them.

We also access information about the list of apps you have on your device. With your permission, AppFlash also collects information about your device’s precise location from your device operating system as well as contact information you store on your device.

AppFlash information may be shared within the Verizon family of companies, including companies like AOL who may use it to help provide more relevant advertising within the AppFlash experiences and in other places, including non-Verizon sites, services, and devices.

What's more? There is a 'Suggested Apps' section on the AppFlash main screen, which means that those apps have paid Verizon a good price to list on the main screen.

How to Get Rid of ‘AppFlash’ on Your Verizon Android Phone

Users can get rid of this bloatware in two ways: you can either root your device and remove the app in question, or only disable the app.

1. Root to remove AppFlash from Android: Since the company has made AppFlash a default app on the home screen of its Android handsets to help users search content and browse the internet, the app can not be uninstalled.

So, in order to uninstall AppFlash, you are required to root your Android device and then delete the app from your storage memory.2. Disable AppFlash without Root: Since rooting is a dangerous process that void your device warranty, you can simply disable AppFlash.

Disabling bloatware apps on newer phones is easy, as Android has a built-in way to do this, which doesn't require any root access.

Just head on to Settings → Apps (or 'Applications' on some phones) → AppFlash. Now open it and click 'Disable,' 'Force Stop' and then 'Clear Data' as well.